marchat is currently at v0.10.0-beta.1.
All security updates and fixes are applied to the main branch.
| Version | Supported |
|---|---|
| v0.10.x (main) | ✅ |
| v0.9.x | ❌ |
| Earlier versions | ❌ |
If you discover a security vulnerability in marchat, please do not open a public GitHub issue.
Instead, report it privately through one of the following:
- GitHub: Private Security Advisory
- Email: cod.e.codes.dev@gmail.com
Important
Your report will only be visible to maintainers and select collaborators until a fix is released.
We aim to respond to reports within 2–3 business days.
If confirmed:
- We'll investigate and prepare a fix in a private branch or fork.
- We may coordinate with you on the disclosure timeline.
- We'll publish a GitHub Security Advisory and credit contributors (if applicable).
If the issue meets CVE criteria and you want one assigned, let us know in your report.
GitHub is a CVE Numbering Authority and can issue one after disclosure.
This policy applies only to the official marchat codebase:
https://github.com/Cod-e-Codes/marchat
It does not cover:
- Misconfigurations in self-hosted deployments
- Issues caused by modified forks or downstream packaging
- General UX/UI feedback or feature requests
The -doctor / -doctor-json commands print masked values for sensitive MARCHAT_* variables; avoid sharing raw process environment dumps alongside doctor output. For air-gapped hosts, set MARCHAT_DOCTOR_NO_NETWORK=1 so doctor does not call the GitHub API.
For general bugs, please use:
For feature requests or questions, please use:
Thank you for helping keep marchat and its users safe!